[isf-wifidog] protecting the gateway status page
Wichert Akkerman
wichert at wiggy.net
Lun 28 Avr 06:51:13 EDT 2008
Previously Wichert Akkerman wrote:
> The gateway status page is readable for everyone at the moment. This has
> several downsides for me:
>
> - it includes all information needed to disconnect a user using the
> manual disconnect feature I'm implementing. That makes it a security
> problem.
>
> - I use wifidog in a highly commercial environment (airport lounges at
> Amsterdam Airport Schiphol) and do not want everyone to be able to see
> how many people are connecting and which IPs/MACs they have. That
> has both security issues (MAC addresses reveal a lot about the type of
> machine someone uses for example) and bussiness reasons (the usage
> figures are confidential).
>
> I intend to add optional HTTP authentication to the status page.
> LibHTTPD provides that option so it should be a simple change.
I've implemented and tested this: http://dev.wifidog.org/ticket/463
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
Plus d'informations sur la liste de diffusion WiFiDog